Because of the original tight deadline,
arrangements were made through the Comptroller's
Office to check with [STATINTL] concerning the
possibility of a new suspense date. He looked
into the situation, later reported that OMB was
quite "relaxed" about the timing, and he did
authorize a somewhat indefinite extension. He
did not specify a new due date.
Protection of Personal Privacy in Federal
Information Systems


John F. Blake
Deputy Director for Administration




Director of Central 
Intelligence 


Sir: 


The attached letter for
your signature is submitted
as your response to Dr. Marik,
OMB, concerning the subject
circular, which was thoroughly
reviewed by and discussed with
representatives from OGC, OLC,
Personnel, Security and ISAS.
Your letter follows the guidelines
suggested by OLC.

Recommend you sign this
letter to Dr. Marik.


John F. Blake 
Dr. Robert U. Marik
Associate Director for Management
and Operations
Office of Management and Budget
Washington, D. C. 20503


Dear Dr. Marik: 


This is in reply to your letter, dated 27 September 
1974, requesting our comments regarding a proposed OMB 
Circular relating to the Protection of Personal Privacy 
in Federal Information Systems to serve as interim guid- 
ance pending the enactment of legislation or issuance of 
an Executive Order. 


As you undoubtedly are aware, the proposed legisla- 
tion and the Executive Order, by granting access to records 
affecting intelligence sources and methods, do present 
serious security problems for this Agency. Our position 
has consistently been to request an exemption from most 
of the provisions of these proposals. This position was 
last confirmed to Mr. Stanley Ebner, General Counsel, OMB,
by letter dated 4 September 1974 in response to his request
for comments on the draft Executive Order entitled, "To 
Protect the Rights of Individuals with Respect to Records 
Maintained About Them by Federal Agencies," 


Accordingly, we respectfully request that the Central 
Intelligence Agency be granted a similar exemption from
the provisions of the proposed Circular. 


Sincerely, 




W. E. Colby 
Director 
CENTRAL INTELLIGENCE AGENCY
WASHINGTON, D.C. 20505


4 SEP 1974


Mr. Stanley Ebner, General Counsel
Office of Management and Budget
Washington, D.C. 20503


Dear Mr. Ebner:


This is in reply to your letter dated August 21, 1974, requesting
our comments concerning a proposed Executive Order entitled, "To
Protect the Rights of Individuals with Respect to Records Maintained
About Them by Federal Agencies."


It is understood that the purpose of Section 5(b) of the proposed
Order is to exempt the records of the Central Intelligence Agency from
all provisions except for sections 2(b), 3(b), and 4(c)(1) through 4(c)(4).
However, in view of the introductory phrasing of section 5, it might
be argued that the exemption does not apply to CIA records disseminated
to other agencies.


In the interest of clarifying this ambiguity, it is requested that
Section 5 be revised along the following lines:


"Sec. 5. Except for subsections 2(b), 3(b),
and 4(c)(1) - (4) --


(a) the head of an agency may exempt from
all or part of the provisions of this Order
any portion of a system of record which is:"

[NOTE: To conform to the format of
the proposed Order redesignate sub-
paragraphs (a) and (c) through (g) as
subparagraphs (1) through (6), respectively.]

"(b) systems of records, or any portion
thereof, maintained or originated by the
Central Intelligence Agency shall be
exempt from the provisions of this Order."


With the above change, we offer no objection to the issuance
of the proposed Executive Order.


Sincerely, 
/s/ W. E. Colby


W. E. Colby
Director 
SEP 27 1974


TO THE HEADS OF EXECUTIVE DEPARTMENTS AND ESTABLISHMENTS 


SUBJECT: Protection of Personal Privacy in Federal 
Information Systems 


Enclosed for your review is a proposed OMB Circular relating
to the protection of personal privacy in Federal information 
systems. This draft was prepared by a task force of the 
Domestic Council Committee on the Right of Privacy consisting 
of personnel from the Departments of Defense and Commerce, 
the General Services Administration, the Office of Telecom- 
munications Policy and the Office of Management and Budget. 
It is being coordinated at the request of the Committee 
staff.


The draft Circular would establish rules for the protection 
of records containing personal data and require each agency 
head to establish an internal program for their implementa- 
tion. As indicated in the draft, it would serve as interim 
guidance pending the enactment of legislation or issuance 
of an executive order. At such time as either a statute or 
an order is approved, further modifications to the Circular 
would likely be required. 


We would appreciate your comments by October 10, 1974.


Sincerely,


Robert U. Marik 
Associate Director for 
Management and Operations 




Enclosure 
OMB Circular A
TO THE HEADS OF EXECUTIVE DEPARTMENTS AND ESTABLISHMENTS 
SUBJECT: Protection of Personal Privacy in Federal Information 
Systems 

I. Purpose 

To establish policies and procedures for assuring that
personal privacy is given thorough consideration by the Executive
Branch in its planning, procurement, operation and use of data
processing and data communications systems and services.


II. Background


The Domestic Council Committee on the Right of Privacy
determined that checks should be incorporated into Federal
procedures for the planning and procurement of data processing
and data communications systems and services to assure that
adequate privacy safeguards are incorporated into such systems.
While the specific legal and administrative requirements for
protecting various types of data will continue to develop, there
already exists considerable agreement on several general principles
which should be followed in most instances. Concern has arisen
about the continued development, expansion, modification and
operation of Federal data processing and data communications
systems without careful consideration of the need to apply such
principles.


As a first step in responding to this concern, this
Circular sets forth general principles in Section III for
safeguarding privacy, and procedures in Section IV for determining
the application of these principles to each data processing or
data communications system or service. These procedures are
intended to be made an integral part of the process of planning,
procuring and using data processing and data communications
systems and services within the Executive Branch. Further guidance
in the form of legislation or executive order is anticipated which
will delineate additional specific requirements for safeguarding
privacy with respect to record-keeping systems.

Approved For Release 2003/06/05 : CIA-RDP84-00780R005800130011-5


III. Principles 

A. Except as provided in Subsection B of this section,
each agency utilizing automatic data processing or data
communications to maintain a system of records* shall assure
that the following principles are adhered to with respect to
each such system of records.


1. There must be a publicly available written statement
of the existence of the system of records, of the purpose or
purposes for which the information is used, and of the agencies
which are given access to the records.


2. The information contained in a system of records
shall be accurate and limited to that which is necessary to
serve the stated purpose or purposes of the system.


3. Access to the records in a system of records must
be limited only to those individuals within each stated user


* Seq Ged idaitatWbichibe S66Hd005 YEin-RDP84-00780R005800130011-5 
agency whose duties require them to use such information to
accomplish a stated purpose of the system of records.


4. No record shall be accessed by, or transferred
to another agency or person, other than one of the publicly
stated user agencies, or for a purpose other than the publicly
stated purposes without the informed consent of the individual
subject, unless all of the following criteria are met:


a. The head of the agency with custody of such
records determines that such transfer is in conformance
with the law and has formally authorized such transfer, in
writing, for good and stated reasons; and


b. The agency with custody of such records
determines that the recipient will provide safeguards equivalent
to those maintained by the agency; and


c. The individual subject is notified promptly
of such access or transfer; and


d. A permanent record of such access or transfer
is retained by the agency with custody of such records.


5. An individual shall have access to and, if he
desires, shall be able to obtain a copy of all information
pertaining to him in such a system of records.
6. A procedure must exist whereby an individual can
request correction of any information about him, appeal within
the agency the denial of such a request, and if correction
is denied further, file a statement to become part of his
record setting forth the nature of the disagreement.


7. Reasonable safeguards against unauthorized access
to such records shall be maintained in accordance with
applicable guidelines and standards of good practice.

B. The above principles are to be adhered to except:

1. Where inconsistent with law or executive order, or


2. Where the head of an agency has determined that a
deviation from these principles is in the public interest, and
has clearly described the nature of the deviation and the
reasons therefor in a Privacy Safeguards Plan as required below.


IV. Implementation

A. Each Federal department or Federal establishment will
establish an Office of Record for Privacy Safeguard Plans.
Such plans will be open for inspection by the public. The
filing of such plans fulfills the requirement of Paragraph A.1.
of Section III.


B. Each agency which plans to acquire or modify facilities
or services for automatic data processing or data communications
shall:

1. Determine whether such facilities or services will
be used to maintain a system of records as defined herein; and

2. If such determination is negative, file a statement
to that effect with the Office of Record; otherwise


3. Determine the applicability of the principles
stated above to each system of records involved; and


4. Determine the system features required to implement
all applicable principles; and


5. Document these determinations in a Privacy Safeguards
Plan as required below.


C. Each agency which continues to maintain a system of
records is required to review and document the determinations
described above within four years of the date of this Circular
unless this is accomplished sooner as a result of actions to
procure a new system or modify an existing system.


D. Each unauthorized access or disclosure of personal
information, each violation of the policies determined to be
applicable to a system of records, and each significant breach
of security safeguards designed to protect the confidentiality
of personal information, which is detected, shall be investigated
by the agency with custody of such records, and the details of
the violation, the causes of the violation, and remedial action
taken shall be documented and retained as a matter of record.
E. Privacy Safeguards Plans, including all of the
information specified in Attachment A, will be prepared or
amended, approved at the departmental level and filed with the
Office of Record 30 days prior to any of the following:


1. initiation of detailed systems design or programming
efforts which follow the completion of general system design;
or


2. initiation of any procurement for system hardware
or software for a new automated system of records; or


3. changes in system hardware, software or administrative
procedures which affect persons or organizations
allowed to use the personal information contained in an existing
automated system of records; or


4. modification of the data elements included as
personal information in an automated system of records; or


5. consolidation or linking of personal data files
involving different systems of records.


F. Each Office of Record will maintain an index of ADP
and data communications systems used within the department or
agency, including 1) identification of those systems containing
individually identifiable data and 2) cross references to
applicable Privacy Safeguard Plans or negative determinations
required by Section IV, B.2.
V. Responsibilities

A. Each department and Federal establishment will develop
and issue instructions to implement this Circular.

B. The Secretary of Commerce will provide for development
and promulgation of Federal Information Processing Standards
and Guidelines for computer security deemed necessary to safeguard
personal information maintained in automated systems of records.


C. The Director of the Office of Telecommunications
Policy will take actions to assure that privacy safeguards are
fully considered in telecommunications planning activities
conducted pursuant to OTP policies and directives.


D. The Administrator of General Services will take action
to assure that agency procurement requests include certifications
that privacy safeguards have been fully documented in accordance
with the provisions of this Circular. The Administrator will
also assure that privacy safeguards are fully considered and
incorporated in any GSA plans for interagency shared ADP or
data communications systems.


E. The Director of the Office of Management and Budget
will exercise overall policy guidance to assure that privacy
safeguards are properly implemented throughout the Executive
Branch.
VI. Definitions

A. System of records means a collection or grouping of
personal information preserved for future reference or use which
is indexed or otherwise organized so as to permit such information
to be retrieved by reference to the names of individuals or
some identifying numbers or symbols associated with them, and
is maintained utilizing automatic data processing or data
communications.


B. Personal information means any information which can
be associated with identifiable individuals through the use of
names, addresses, social security numbers or other similar items
or characteristics.


C. Purpose means the legally authorized function(s)
performed by an agency, which the system is designed to support.


D. Stated means set out in a Privacy Safeguards Plan.


Attachment


Attachment A
Outline of Contents 


Privacy Safeguards Plan 


1. Identification


1.1 Name of agency


1.2 Identification of ADP/data communications
system covered by this plan.


1.3 Identification of offices responsible for system
development, and operation.


2. Purpose

State the purpose for each system of records containing
personal information which will utilize the ADP/data
communications system, and the statutory or other authority
to collect and maintain information for this purpose.


3. Content

3.1 Define each element of information contained in
each system of records, and the relationship of each element
to the purpose of the system.


3.2 State the approximate number of individuals on whom
records will be maintained for each system of records.


3.3 State the time period for which the records will
be retained, and the procedure for final disposition of
the records.
4. Agency Access

4.1 Identify those agencies of the Federal Government,
and any other organizations, which will be granted access
to personal data in each system of records, or to whom such
data may be transferred upon request. State the statutory
or other basis for such access or transfer, and any criteria
used to determine whether access or transfer will be permitted
by such agencies or organizations.


4.2 Describe the procedures which will be used for
obtaining informed consent or for implementing the requirements
for authorization, safeguards determination, notification
and recording of any release of personal information to
agencies or organizations other than those identified in
4.1 above.


5. User Access

5.1 State what limits will be placed on access to
personal information in each system of records, within each
user agency or organization, to assure that it is accessed
only by those individuals whose duties require them to use
the information.


5.2 Identify the design features which will be included
in the design of ADP/data communications systems to implement
the limits described in Section 5.1.
6. Individual Subject Access

6.1 Describe the procedures whereby an individual
may obtain access to and, if desired, a copy of all
information pertaining to him in each system of records.


6.2 Describe the procedures whereby an individual can
request correction of information about him, appeal such
request, or file a statement in the system concerning any
disagreement.


7. Unauthorized Access

Identify the system design features and other safeguards
and procedures which will be used to prevent unauthorized
access to personal data contained in each system of records,
and the estimated cost of these features.


8. Deviation

Describe the authority or justification for any deviations
from the principles contained in Section III. A. of this Order.
MEMORANDUM FOR: Assistant for Coordination/DDA


SUBJECT : OMB Memo, 27 September 1974


1. The proposed OMB Circular on the Protection of
Personnel Privacy in Federal Information Systems, if enacted,*
would directly impact the creation, maintenance and use of
computer-based files in six specific areas. These impacts are
detailed below:


a. It would be necessary to provide, for each pertinent
file, a program to select and list specified records (Para
III A 5). For some files this capability already exists.


b. It would be necessary to provide, for each perti- 
nent file, a program to list the name and address of each person 
in the file, so that they could be notified promptly each time 
a file is accessed by or transferred to another Agency or person, 
other than one of the publicly-stated user Agencies (Para III A 
4c). For most files this capability does not exist, and in fact, 
many files do not even contain a current mailing address of the 
individual. This would call for the creation of shadow files 
which supplement information in the main files, or for the expan- 
sion of main file record sizes to accommodate the additional re- 
quired information. 


c. Each time a record is accessed by or transferred
to an Agency, other than one of the publicly stated user Agencies, 
a permanent record of such access or transfer must be retained by 
the custodian Agency (Para III A 4d). This would call for the 
creation of shadow files which supplement information in the main 
files, or for the expansion of main file record sizes to accommo- 
date the additional required information. 


d. A procedure must exist whereby an individual can
request correction of any information about him, appeal within
the Agency the denial of such a request ("Sorry, Mr. Vladimir, as
far as we're concerned, you are a KGB agent"), and if correction
is denied, file a statement to become part of his record setting
forth the nature of the disagreement ("I am not a KGB agent").
(Para III A 6). This would call for the creation of shadow
files which supplement information in the main files, or for the
expansion of main file record sizes to accommodate the additional
required information.


*The force of this Circular is unclear - there are no stated
penalties for non-compliance, and the role of OMB seems to be
changing over time.


e. A record must be maintained of any unauthorized 
access or disclosure of personal information (Para IV D). This 
would call for the creation of shadow files which supplement in- 
formation in the main files, or for the expansion of main file 
record sizes to accommodate the additional required information. 


f. Privacy safeguard plans must be specified well
in advance of the use of personal information (Para IV E). These
plans would be made at system design time, involving significant
effort by the computer analyst creating the system.


2. Depending on the size and use of a system of records,
the implementation of items a - f above, would add from 25 to 300
percent to the system cost. The increased costs would be inversely
proportionate to the complexity of the system, i.e., the cost of
a very large, complex system would be little affected by these
personnel privacy considerations.


3. There are some fuzzy areas in this Circular - for
example, does a system of records (Para VI A) include paper files
referenced by a computer-based file? Does this Circular apply
only to personal privacy considerations of U. S. Nationals; does
it include aliens in the U. S. or Foreign Nationals? In Attachment
A to the Circular, mention is made of possible deviations
from the principles contained in Para III A, but no mention of
how these deviations are adjudicated. Although the circular calls
for notification to persons named in a file when this file is
accessed or transferred to another Agency or person, it does not
call for notification when a record is added to a file, or when
the file is created. Thus, a person might only discover he was
part of a file when notified that some other Agency had access
to the file in question. The careful reader will probably detect
other such incongruities.


STATINTL 
8 Oct 1974


MEMORANDUM FOR: Deputy Director for Administration 


SUBJECT : Protection of Personal Privacy in 
Federal Information Systems 


REFERENCE : OMB Memorandum to the Heads of 
Executive Departments and Establish- 
ments, Same Subject, dtd 27 September 1974 


1. This memorandum is for information only. 


2. Pursuant to your request, we have reviewed the 
proposed OMB circular relating to the Protection of 
Personal Privacy in Federal Information Systems refer- 
enced above. 


3. The Office of Security currently operates the 
following automated personal data information systems 
which would appear to fall within the scope of the 
provisions of the OMB circular: 


CENBAD (Central Badging System) 
SPECLE (Special Clearance System) 
OSCCAR (Office of Security Case Control and 
Reporting System) 
SANCA (Security Automated Name Check Activity) 
SEADORS (Security Automated Dossier Retirement System) 
Holabird Data Link 


Indirectly, all of our security dossiers and polygraph 
files as well as smaller file holdings within the Office 
of Security may also be considered to come under the 
provisions of the OMB circular. 


4. While we support the concept of the proposal
put forward by the OMB, nevertheless, we believe that
in the interest of national security the DCI would
necessarily exercise the authority granted to him (as
an agency head) in Section III B of the proposed circular
to make exceptions for certain Office of Security files
from some of the requirements as set forth. In particular,
the provision of Section III A 5 granting the right of
access to individual file subjects to all information
in their respective files in our view would seriously
impair our ability to collect investigative material or
at the very least would make administratively more difficult
the maintenance of such material.


5. The implementation of the required Privacy Safe- 
guards Plan would obviously constitute a considerable 
administrative task and would necessitate the commitment 
of manpower and monetary resources beyond those available 
within present constraints. 


STATINTL 


Charles W. Kane 
Director of Security 
OGC 74-1814
8 October 1974 


MEMORANDUM FOR: Deputy Director for Administration 


SUBJECT: OGC Comments on Proposed Office of Management 
and Budget Circular Entitled "Protection of Personal 
Privacy in Federal Information Systems" 


1. It is the opinion of this Office that the subject circular is objectionable
because the Agency is not given a specific exemption from its provisions. 
Instead, the draft provides that its provisions will not apply (1) if inconsistent 
with law or executive order, or (2) when the head of an agency determines 
that a deviation from the provisions is in the public interest and specifies the 
nature of the deviation and the reasons therefore in a required Privacy 
Safeguard Plan. Since all systems of records utilized by the Agency are either 
classified or subject to exclusion upon a permissible determination by the 
Director, the general exemption imposes an unnecessary burden upon CIA 
for implementation of the circular. In addition, the concept of a Privacy 
Safeguard Plan (Attachment A to draft circular) is extremely broad and 
demands information and data which this Agency is obligated to protect from 
unauthorized disclosure. 


2. It is the opinion of this Office that the Agency should be given a 
specific exemption from all provisions of the circular. However, at a minimum, 
the Agency should be exempt from all provisions that go beyond the provisions 
of the proposed Executive Order which were unobjectionable to this Office. 
Those provisions are: 


a. a requirement that information used by an agency
to make determination about individuals be accurate, relevant,
timely, and as complete as reasonably necessary to assure
fairness to the individual;

b. a requirement that records or information contained
therein not be disclosed within the agency other than to employees
who have a need for the record or information in the performance
of their duties; and

c. a requirement that the agency publish annually in the
Federal Register a notice of the existence and character of its
systems of records to include:


(1) the name of the system;


(2) the categories of individuals on whom records are
maintained;


(3) the categories of information maintained; and


(4) the policies and practices of the agency regarding
storage, retention, and disposal of the records.


Logic and consistency seem to suggest that the OMB circular should track the 
proposed Executive Order which has previously been submitted for comment. 


STATINTL 


Office of General Counsel 
CENTRAL INTELLIGENCE AGENCY
WASHINGTON, D.C. 20505
OLC 74-1856/a 


4 SEP 1974 


Mr. Stanley Ebner, General Counsel 
Office of Management and Budget 
Washington, D.C. 20503 


Dear Mr. Ebner: 


This is in reply to your letter dated August 21, 1974, requesting 
our comments concerning a proposed Executive Order entitled, "To 
Protect the Rights of Individuals with Respect to Records Maintained 
About Them by Federal Agencies." 


It is understood that the purpose of Section 5(b) of the proposed 
Order is to exempt the records of the Central Intelligence Agency from 
all provisions except for sections 2(b), 3(b), and 4(c)(1) through 4(c) (4). 
However, in view of the introductory phrasing of section 5, it might 
be argued that the exemption does not apply to CIA records disseminated 
to other agencies.


In the interest of clarifying this ambiguity, it is requested that
Section 5 be revised along the following lines:


"Sec. 5. Except for subsections 2(b), 3(b),
and 4(c)(1) - (4) --


'(a) the head of an agency may exempt from
all or part of the provisions of this Order
any portion of a system of record which is:'"


[NOTE: To conform to the format of
the proposed Order redesignate sub-
paragraphs (a) and (c) through (g) as
subparagraphs (1) through (6), respectively.]

"(b) systems of records, or any portion
thereof, maintained or originated by the
Central Intelligence Agency shall be
exempt from the provisions of this Order."


With the above change, we offer no objection to the issuance 
of the proposed Executive Order. 


Sincerely, 


/s/ W. E. Colby


W. E. Colby 
Director 
Distribution: 
Original - Addressee 
> ser 
1 - DDCI 
1 - ER


4 OLC Subject file (H.R. 12206) 
1- OLC OMB Liaison file 
1 - OLC Chrono

OLC/PLC:bao (4 Sep 74) 
21 August 1973


MEMORANDUM FOR: Acting Director of Central Intelligence 


SUBJECT: Automated Personal Data Files 


1. The attached report proposes five principles governing
automated files on individual American citizens. It recommends federal
legislation to reflect these five principles. (The principles are listed
in Mr. Weinberger's letter to you, q.v.). Weinberger and Elliot
Richardson are now pursuing the development of some form of
legislation.


2. CIA's present handling of automated personal data files
is not in compliance with the five principles.


3. I have touched base with Larry Houston, Charlie Kane
(Security) and Jack Blake (Personnel). Larry has drafted a response
with which I agree (attached) which gets on record early our interest
in participating in a review of existing law, etc. as a prelude to
possible exception requests.


4. I suggest that the Office of the General Counsel be the
focal point for this matter as it evolves.


/s/ Charles A. Briggs


Charles A. Briggs
Information Processing Board
The Honorable Caspar W. Weinberger
Secretary of Health, Education, and Welfare
Washington, D.C. 20201


Dear Mr. Weinberger:


Thank you for forwarding to me your report on automated
personal data systems entitled Records, Computers, and the Rights
of Citizens. The report faces a fundamental issue of obvious
importance and deep concern to both public and private organizations.


In the body of the report, in connection with personal-data
record-keeping systems, a distinction is made between administrative
systems and statistical reporting and research. A further distinction
is made as to that portion of the administrative records which is
termed "intelligence records." The report notes that intelligence
records which are kept as a basis for determining suitability of
employment, clearance for access to classified national security
information, and similar purposes may have their utility weakened
if all the safeguard requirements were applied to all types of
intelligence records. This is an area in which this Agency would
be particularly concerned, and we agree that the process of
considering exceptions for intelligence systems would entail a
careful review of existing policy, laws, and practices covering
the creation, maintenance, and use of intelligence records about
individuals. We believe it essential that this Agency and others
with similar functions participate in any such review. Since the
Department of Health, Education, and Welfare is now developing
legislation and regulations concerning systems within the reach
of the Department's authority, it is apparent that the overall
review of intelligence records will take place in a broader
forum. I agree, however, that the report is a useful guide for
deliberation and action on the important public policy issues it
addresses.
Sincerely, 
0 vow A da | te ws 
Vernon A. Walters 
Lieutenant General, USA 
Acting Director 
Distribution: 
Orig - addressee 
1 - AD/CI 
1- ER 


Q@- DDMsS — 
1 - Gen Counsel
1 - PPB subj (IPS) 
1 - PPB reading 
1 - IPS chrono 
STATINTL O/PPB/LHouston/mrul (21Aug73)


DD/M&S Distribution:


- DD/M&S Subj
1 - D/Pers 
1 - D/Sec 
1 - D/MS 
THE SECRETARY OF HEALTH, EDUCATION, AND WELFARE


WASHINGTON, D.C. 20201 


August 9, 1973 


Honorable Vernon A. Walters
Deputy Director, Central Intelligence
Agency
Washington, D. C. 20504


Dear Mr. Walters:


I am pleased to be able to forward to you the enclosed report on
issues attending the use of computers and telecommunications
technology to keep records about individual Americans. Entitled Records,
Computers, and the Rights of Citizens, the report was prepared for
me by a public advisory committee that Attorney General Richardson
appointed in the Spring of 1972 while he was Secretary of Health,
Education, and Welfare. It represents the considered views and
recommendations of a group of knowledgeable and concerned citizens
who have conducted a year-long examination of record-keeping practices
associated with the operation of automated personal data systems by
public and private organizations.

In my opinion, as I have stated in making the report available to the 
press, the principles underlying the "safeguard requirements" recom- 
mended by the Committee are sound. Computers linked together through 
high-speed data transmission networks are fast becoming the chief means 
of making, storing, and using records about people. If properly con- 
ceived and operated, this application of electronic data processing 
technology promises substantial social benefit. However, because auto- 
mated systems tend to increase the frequency and intensity of our re- 
liance on recorded information, it is important that we have adequate 
mechanisms for assuring citizens all the protections of due process in 
relation to the records we maintain about them. 


The principles of fair record-keeping practice formulated by the Com- 
mittee are the following: 


o There must be no personal-data record-keeping systems
whose very existence is secret.


o There must be a way for an individual to find out what
information about him is in a record and how it is used.


o There must be a way for an individual to prevent inform- 
ation about him obtained for one purpose from being used 
or made available for other purposes without his consent. 


o There must be a way for an individual to correct or amend
a record of identifiable information about him.


o Any organization creating, maintaining, using, or dissemin- 
ating records of identifiable personal data must assure the 
reliability of the data for their intended use and must take 
reasonable precautions to prevent misuse of the data. 


The Department of Health, Education, and Welfare is now developing
legislation and appropriate administrative regulations to assure that these
five principles govern the operation of all automated personal data
systems within reach of the Department's authority. I hope that you
also will find the Committee's report a useful guide to deliberation
and action on the important public policy issues it addresses.


Sincerely,


Secretary 


Enclosure 